General
-
Target
a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe
-
Size
45KB
-
Sample
240518-g6yq3sff71
-
MD5
a2a4e83e35f7cafbc1c73fd179737e80
-
SHA1
94f0660549221c8bf48184ea39324ece80053935
-
SHA256
5244f2ca07b186c6bd6c0ac80a5c8db94bb49ebfc920ce6b2c73e23568aff396
-
SHA512
426211ae1ee5f20f338613bc3c83afe51481110cc7f6d4fd32b869cdc5f927c831e4596de4ff60c905bc33e314ef8f64896df0681e4b4c380f34c61504ba8052
-
SSDEEP
768:VdhO/poiiUcjlJIniwzH9Xqk5nWEZ5SbTDahWI7CPW5z:rw+jjgniyH9XqcnW85SbToWI7
Behavioral task
behavioral1
Sample
a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Extracted
xenorat
damizk.ddns.net
Xeno_rat_ndsszcv
-
delay
5000
-
install_path
appdata
-
port
7628
-
startup_name
nothingset
Targets
-
-
Target
a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe
-
Size
45KB
-
MD5
a2a4e83e35f7cafbc1c73fd179737e80
-
SHA1
94f0660549221c8bf48184ea39324ece80053935
-
SHA256
5244f2ca07b186c6bd6c0ac80a5c8db94bb49ebfc920ce6b2c73e23568aff396
-
SHA512
426211ae1ee5f20f338613bc3c83afe51481110cc7f6d4fd32b869cdc5f927c831e4596de4ff60c905bc33e314ef8f64896df0681e4b4c380f34c61504ba8052
-
SSDEEP
768:VdhO/poiiUcjlJIniwzH9Xqk5nWEZ5SbTDahWI7CPW5z:rw+jjgniyH9XqcnW85SbToWI7
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-